Scribd
Upload
49 views3 pages

Hacking Techniques Assessment-Updated

Uploaded by

STANLEY HARRISON
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
49 views3 pages

Hacking Techniques Assessment-Updated

Uploaded by

STANLEY HARRISON
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Incident Handling and Hacking Techniques Part 1 (Hacking

Techniques) assessment- 90 %
Deadline: 14/01/2021 3pm

Learning Outcomes
 Employ advanced hacking techniques to compromise computer systems and networks

 Review and evaluate advanced reconnaissance and scanning techniques used by Attackers

 Critically analyse techniques used by attackers to gain and maintain access to computer
systems and cover tracks of the attack

INSTRUCTIONS
For this task you are required to download and set up with Vmware Player or any other Vmware
product, the Metasploitable Virtual Machine from:

http://sourceforge.net/projects/metasploitable/files/Metasploitable2/

Or if you wish to configure it you can use Metasploitable 3

If you do not have Vmware or do not want to use VMWare you can surely use VirtualBox or any
other virtualization software but you will have to adapt the above virtual machine to the target
virtualization environment. Easy howto instructions exist for using Vmware virtual machines in
VirtualBox. It is assumed that you have the necessary competences for carrying out the Virtual
Machine setup instructions above. There exist a number of online tutorial and instructions on how to
perform the exploitation of the Metasploitable virtual machine.

1. With regards to the Metasploitable vulnerable machine, you are to demonstrate your ability
to carry out advanced exploitation techniques by creating a penetration testing
methodology. Specifically, you are required to perform and report on the following (2000
words):

 Design of a methodology

 Host enumeration and fingerprinting

 Service enumeration and fingerprinting

 Vulnerability Scanning

 Vulnerability Exploitation

Privilege escalation

Marking Criteria Comment Weight


Methodology Design This section focuses on 25 Marks

 Design of a methodology

Firstly a clear methodology

should be presented,
Incident Handling and Hacking Techniques Part 1 (Hacking
Techniques) assessment- 90 %
Deadline: 14/01/2021 3pm
with sufficient detail so that a technical reader can

understand the approach taken and what each


stage

attempts to do.

This can include but is not limited to:

 The types of scans performed

 The types of vulnerabilities assessed

 The techniques used

 The tools to be used


Methodology Effectiveness & This section focuses on 25 Marks
Efficiency
 Host enumeration and fingerprinting

 Service enumeration and fingerprinting

 Vulnerability Scanning

The report should then reflect you executing each


step of the methodology. It should show each
stage being executed efficiently with the least
number of commands used, each command
should run with the optimal options. The way the
tools/commands are used should simulate attack
from a malicious hacker. The output of the
commands should also be show clearly and the
output should be in its most efficient form. Or with
a filter (i.e grep) used to extract the most
important/key pieces of information Overall - You
should show the execution of each step of the
Ethical Hacking Methodology you present. Marks
are awarded for how effective and efficient you
are.

Specific Results This section focuses on 30 Marks

 Vulnerability Exploitation

Up to 5 specific findings should be presented


covering the following areas:

 A clear and concise description of what the


finding is.

 A comment or indicator on how serious


Incident Handling and Hacking Techniques Part 1 (Hacking
Techniques) assessment- 90 %
Deadline: 14/01/2021 3pm
the issue is

 A repeatable example should be given.

 An explanation on why each item presents


a security risk

 Advice on how to fix/remediate the issues


found.

Report Summary A technical and management summary are both 25 Marks


presented which are tailored for each audience
and highlight the key findings and approach

2. Please choose one of the 5 vulnerabilities that you have found in Metasploitable and explain
in detail about possible solutions to address your chosen vulnerability in 1500 words. You
can either explain your own solution or you can explain recent solutions provided by cyber
experts. (75 Marks)

Overall Marks for this section 180/2

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy